When you work with Azure Automation — and especially if you use Hybrid Worker machines — sometimes you need to use the certificates that are part of the connections created by the automation account on a local VM or server.

Runbooks that use these kinds of certificates work fine in the Azure environment, but if you need to run it in your local environment, using Hybrid Worker machines, this represents a challenge.

What are Hybrid Worker Machines?

You might need to use an Azure Automation certificate locally regardless, but the use of Hybrid Worker machines almost necessitates it. Hybrid Workers are servers that enable Azure Automation Runbooks to run in a local context at the OS/server level, by using Azure Log Analytics, Monitoring Agent, and runbooks.

This allows you to manage all of your scripts from a single server, across your entire environment. You can execute your Runbook scripts with Schedules, Web Hooks, or Logic Apps. They also help keep costs down so you can right-size your Runbook server (AKA make it super small or even shut it down depending on when you need your automation).

If you decide to implement a local Azure Hybrid Worker box, you might need that server to have access to connection certificates from your Azure environment.

Let’s use a sample code that we could test in Azure and in a Hybrid worker:

I found myself digging around ways to resolve this apparent limitation, until I found a simple way to export the desire certificate to the local machine. Here is a code that you can run to accomplish it, as found on the PS Gallery. Be sure to replace the relevant names and passwords with unique ones for your environment!